[jira] [Commented] (HTTPCLIENT-1118) SSLException on 4.1.2

Tue, 01 Nov 2011 09:41:54 -0700 

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13141303#comment-13141303
 ] 

David Kocher commented on HTTPCLIENT-1118:
------------------------------------------

I don't think this is caused by using deprecated constructors of the mentioned 
scheme registry classes. Instead the diff between the tagged versions of 
SSLSocketFactory in SVN show that for 4.1.2 the hostname verifier is passed the 
#toString() implementation minus the port of Inetaddress of the socket. In 
4.1.2 InetSocketAddress#getHostName() is called instead. The code in trunk has 
again changed since.
                
> SSLException on 4.1.2
> ---------------------
>
>                 Key: HTTPCLIENT-1118
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1118
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.2
>            Reporter: Weili Shao
>
> We have an application using HttpClient and Amazon web service, after we 
> upgraded from 4.1.1 to 4.1.2, we get this error stack:
> Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: 
> <ec2.us-west-1.amazonaws.com/204.246.162.140> != 
> <ec2.us-west-1.amazonaws.com> OR <ec2.us-west-1.amazonaws.com> OR 
> <us-west-1.ec2.amazonaws.com>
>         at 
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:228)
>         at 
> org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
>         at 
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
>         at 
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:130)
>         at 
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
>         at 
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:495)
>         at 
> org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
>         at 
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
>         at 
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
>         at 
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
>         at 
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
>         at 
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
>         at 
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
>         at 
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
>         at 
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
>         at com.xerox.amazonws.common.AWSQueryConnection.makeRequest(Unknown 
> Source)
>         at com.xerox.amazonws.ec2.Jec2.makeRequestInt(Jec2.java:2357)
> at com.xerox.amazonws.ec2.Jec2.makeRequestInt(Jec2.java:2367)
>         at com.xerox.amazonws.ec2.Jec2.describeInstances(Jec2.java:826)
>         at 
> com.telenav.utility.monitoring.EC2MonitorService.getCurrentInstanceId(Unknown 
> Source)
>         at com.telenav.spring.NodeAware.getNodeId(Unknown Source)
>         at com.telenav.spring.NodeAware.init(Unknown Source)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
> However, after we rollback to 4.1.1, it becomes working again. I didn't spend 
> too much time to understand what's going on. By reading the release notes, I 
> didn't see anything has been changed for SSL. So I just file it to you guys 
> to see if it's really an issue.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to